Last updated December 5th, 2023 23:55
By default, WordPress does not allow you to upload SVG images due to security reasons. If you require the use of these image types on your website, you can enable SVG upload effortlessly. This can be achieved using a concise code snippet. This snippet also checks your permissions in WordPress, allowing only administrators to upload SVG files. If you’re interested in how to enable SVG upload in WordPress using a snippet, keep reading.
Why can’t I upload SVG files to WordPress?
- Security risks: SVG files are flexible and can contain code that executes when displayed. This poses a security risk as attackers can exploit SVG files to carry out malicious activities, such as injecting unwanted code or hidden links.
- Potential vulnerabilities: There are various types of SVG files, each with its own potential vulnerabilities. WordPress may not be adequately protected against these vulnerabilities at a given time, making it safer to disable SVG file uploads by default.
- JavaScripts in SVG: SVG files are essentially XML documents that can contain JavaScript code. This means that scripts can be embedded in SVG files, which will be executed when the SVG is displayed on a web page.
How to enable SVG upload in WordPress using a snippet
To insert short PHP code snippets, also known as snippets, into your website, you’ll need a plugin. There are several available in the official repository. Personally, I recommend using the WPCode plugin. It is also available at this address: https://wordpress.org/plugins/insert-headers-and-footers/
With this plugin, you can easily add code to your system that will execute and perform actions and functions defined by you. For a detailed guide, if you have never worked with such a plugin before, you can find it here: How to Insert Custom Code in WordPress.
If you have read the article, you probably have an idea of how to add such a snippet to your website. The code to enable SVG looks like this:
/**
* Allow SVG uploads for administrator users.
*
* @param array $upload_mimes Allowed mime types.
*
* @return mixed
*/
add_filter(
'upload_mimes',
function ( $upload_mimes ) {
// By default, only administrator users are allowed to add SVGs.
// To enable more user types edit or comment the lines below but beware of
// the security risks if you allow any user to upload SVG files.
if ( ! current_user_can( 'administrator' ) ) {
return $upload_mimes;
}
$upload_mimes['svg'] = 'image/svg+xml';
$upload_mimes['svgz'] = 'image/svg+xml';
return $upload_mimes;
}
);
/**
* Add SVG files mime check.
*
* @param array $wp_check_filetype_and_ext Values for the extension, mime type, and corrected filename.
* @param string $file Full path to the file.
* @param string $filename The name of the file (may differ from $file due to $file being in a tmp directory).
* @param string[] $mimes Array of mime types keyed by their file extension regex.
* @param string|false $real_mime The actual mime type or false if the type cannot be determined.
*/
add_filter(
'wp_check_filetype_and_ext',
function ( $wp_check_filetype_and_ext, $file, $filename, $mimes, $real_mime ) {
if ( ! $wp_check_filetype_and_ext['type'] ) {
$check_filetype = wp_check_filetype( $filename, $mimes );
$ext = $check_filetype['ext'];
$type = $check_filetype['type'];
$proper_filename = $filename;
if ( $type && 0 === strpos( $type, 'image/' ) && 'svg' !== $ext ) {
$ext = false;
$type = false;
}
$wp_check_filetype_and_ext = compact( 'ext', 'type', 'proper_filename' );
}
return $wp_check_filetype_and_ext;
},
10,
5
);
Conclusion
If you add this snippet to your system and activate it, system users will be able to upload files with the .SVG extension. However, please note that this option is only available to users with administrator privileges. Others do not have this capability. When uploading SVG files, always remain cautious and use images only from trusted sources.
The website is created with care for the included information. I strive to provide high-quality and useful content that helps or inspires others. If you are satisfied with my work and would like to support me, you can do so through simple options.
Subscribe to the Newsletter
Stay informed! Join our newsletter subscription and be the first to receive the latest information directly to your email inbox. Follow updates, exclusive events, and inspiring content, all delivered straight to your email.
